Launchpad CVE tracker

CVE 2021-44227

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.

Related bugs and status

CVE-2021-44227 (Candidate) is related to these bugs:

Bug #1952384: A CSRF vulnerability could allow a list moderator or list member to access the admin UI

Summary				In	Importance	Status
	1952384	A CSRF vulnerability could allow a list moderator or list member to access the admin UI		GNU Mailman	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.launchpad...
MLIST: [debian-lts-announce] ...

Launchpad.net

CVE 2021-44227

Related bugs and status

Related bugs

References